How to verify a package that requests sudo password?

I installed Qt, again, on new installation of Ubuntu. It asked me for sudo password, which is not strange since it wants to write it's data in kind of restricted environment. But what if some cracker, has embedded a virus and went of distributing working software from trustworthy company, but when you start it, it also starts sequence of things that you don't want on your computer?

On Windows there was a verification, that whenever program asks you for administrator permission, you could kind of see that the installation file is trustworthy because not a single byte has been changed, the "Author: Google Inc." and block is colored blue, not yellow. Is there a way to have same in Linux? I don't need boxes and button pressing, but is there a way to verify "is current running process that of which name I know, unchanged official redistributed installation file?".

I know I could check checksums, but, not every software developer is giving you official checksums and it also kind of takes time. Is there a way to verify running application that asks me for sudo password?